[SECURITY] Fedora 35 Update: shim-unsigned-aarch64-15.6-1

Initial UEFI bootloader that handles chaining to a trusted full bootloader under secure boot environments...

[SECURITY] Fedora 35 Update: shim-unsigned-x64-15.6-1

Initial UEFI bootloader that handles chaining to a trusted full bootloader under secure boot environments...

DEBIAN-CVE-2022-32545

A vulnerability was found in ImageMagick, causing an outside the range of representable values of type 'unsigned char' at coders/psd.c, when crafted or untrusted input is processed. This leads to a negative impact to application availability or other problems related to undefined behavior...

CVE-2022-32546

A vulnerability was found in ImageMagick, causing an outside the range of representable values of type 'unsigned long' at coders/pcl.c, when crafted or untrusted input is processed. This leads to a negative impact to application availability or other problems related to undefined behavior...

CVE-2022-32545

A vulnerability was found in ImageMagick, causing an outside the range of representable values of type 'unsigned char' at coders/psd.c, when crafted or untrusted input is processed. This leads to a negative impact to application availability or other problems related to undefined behavior...

DEBIAN-CVE-2022-32546

A vulnerability was found in ImageMagick, causing an outside the range of representable values of type 'unsigned long' at coders/pcl.c, when crafted or untrusted input is processed. This leads to a negative impact to application availability or other problems related to undefined behavior...

Input validation

A vulnerability was found in ImageMagick, causing an outside the range of representable values of type 'unsigned char' at coders/psd.c, when crafted or untrusted input is processed. This leads to a negative impact to application availability or other problems related to undefined behavior...

Input validation

A vulnerability was found in ImageMagick, causing an outside the range of representable values of type 'unsigned long' at coders/pcl.c, when crafted or untrusted input is processed. This leads to a negative impact to application availability or other problems related to undefined behavior...

CVE-2022-32545

A vulnerability was found in ImageMagick, causing an outside the range of representable values of type 'unsigned char' at coders/psd.c, when crafted or untrusted input is processed. This leads to a negative impact to application availability or other problems related to undefined behavior...

UBUNTU-CVE-2022-32546

A vulnerability was found in ImageMagick, causing an outside the range of representable values of type 'unsigned long' at coders/pcl.c, when crafted or untrusted input is processed. This leads to a negative impact to application availability or other problems related to undefined behavior...

UBUNTU-CVE-2022-32545

A vulnerability was found in ImageMagick, causing an outside the range of representable values of type 'unsigned char' at coders/psd.c, when crafted or untrusted input is processed. This leads to a negative impact to application availability or other problems related to undefined behavior...

Imagemagick Studio ImageMagick 输入验证错误漏洞

Imagemagick Studio ImageMagick is a suite of open-source image processing software from the American company Imagemagick Studio. The software can read, convert, or write images in a variety of formats. A security vulnerability exists in Imagemagick Studio ImageMagick that originates when handling...

CVE-2022-32545

CVE-2022-32545 affects ImageMagick and is caused by processing input in coders/psd.c that leads to values outside the range representable by unsigned char, causing undefined behavior and potential availability impact. Connected advisories (Debian DLA-3429-1; Cloud Foundry USN entries; Amazon ALAS...

google-oauth-client: Token signature not verified

A flaw was found in Google OAuth Java client's IDToken verifier, where it does not verify if the token is properly signed. This issue could allow an attacker to provide a compromised token with a custom payload that will pass the validation on the client side, allowing access to information outsi...

CVE-2022-32545

A vulnerability was found in ImageMagick. When crafted or untrusted input is processed, it causes issues outside the range of values of type 'unsigned char' at coders/psd.c. This issue leads to a negative impact on application availability or other problems related to undefined behavior...

CVE-2022-31467

A DLL hijacking vulnerability in the installed for Quick Heal Total Security prior to 12.1.1.27 allows a local attacker to achieve privilege escalation, leading to execution of arbitrary code, via the installer not restricting the search path for required DLLs and then not verifying the signature...

expat: integer overflow in the doProlog function

A flaw was found in expat. The vulnerability occurs due to large content in element type declarations when there is an element declaration handler present which leads to an integer overflow. This flaw allows an attacker to inject an unsigned integer, leading to a crash or a denial of service...

new packages: shim-unsigned-x64

An update is available for shim-unsigned-x64. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list For detailed information on changes in this release, see the Rocky...

new packages: shim-unsigned-aarch64

An update is available for shim-unsigned-aarch64. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list For detailed information on changes in this release, see the...

GHSA-J4QF-3W33-8CGC SimpleSAMLphp Signature validation bypass

A signature-validation bypass issue was discovered in SimpleSAMLphp through 1.14.16. A SimpleSAMLphp Service Provider using SAML 1.1 will regard as valid any unsigned SAML response containing more than one signed assertion, provided that the signature of at least one of the assertions is valid...